github.com/ojongerius/docker@v1.11.2/hack/make/sign-repos (about) 1 #!/bin/bash 2 3 # This script signs the deliverables from release-deb and release-rpm 4 # with a designated GPG key. 5 6 : ${DOCKER_RELEASE_DIR:=$DEST} 7 : ${GPG_KEYID:=releasedocker} 8 APTDIR=$DOCKER_RELEASE_DIR/apt/repo 9 YUMDIR=$DOCKER_RELEASE_DIR/yum/repo 10 11 if [ -z "$GPG_PASSPHRASE" ]; then 12 echo >&2 'you need to set GPG_PASSPHRASE in order to sign artifacts' 13 exit 1 14 fi 15 16 if [ ! -d $APTDIR ] && [ ! -d $YUMDIR ]; then 17 echo >&2 'release-rpm or release-deb must be run before sign-repos' 18 exit 1 19 fi 20 21 sign_packages(){ 22 # sign apt repo metadata 23 if [ -d $APTDIR ]; then 24 # create file with public key 25 gpg --armor --export "$GPG_KEYID" > "$DOCKER_RELEASE_DIR/apt/gpg" 26 27 # sign the repo metadata 28 for F in $(find $APTDIR -name Release); do 29 if test "$F" -nt "$F.gpg" ; then 30 gpg -u "$GPG_KEYID" --passphrase "$GPG_PASSPHRASE" \ 31 --armor --sign --detach-sign \ 32 --batch --yes \ 33 --output "$F.gpg" "$F" 34 fi 35 done 36 fi 37 38 # sign yum repo metadata 39 if [ -d $YUMDIR ]; then 40 # create file with public key 41 gpg --armor --export "$GPG_KEYID" > "$DOCKER_RELEASE_DIR/yum/gpg" 42 43 # sign the repo metadata 44 for F in $(find $YUMDIR -name repomd.xml); do 45 if test "$F" -nt "$F.asc" ; then 46 gpg -u "$GPG_KEYID" --passphrase "$GPG_PASSPHRASE" \ 47 --armor --sign --detach-sign \ 48 --batch --yes \ 49 --output "$F.asc" "$F" 50 fi 51 done 52 fi 53 } 54 55 sign_packages